TY - GEN
T1 - Data Poisoning Attacks Against Multimodal Encoders
AU - Yang, Ziqing
AU - He, Xinlei
AU - Li, Zheng
AU - Backes, Michael
AU - Humbert, Mathias
AU - Berrang, Pascal
AU - Zhang, Yang
PY - 2023/8/31
Y1 - 2023/8/31
N2 - Recently, the newly emerged multimodal models, which leverage both visual and linguistic modalities to train powerful encoders, have gained increasing attention. However, learning from a large-scale unlabeled dataset also exposes the model to the risk of potential poisoning attacks, whereby the adversary aims to perturb the model's training data to trigger malicious behaviors in it. In contrast to previous work, which only poisons the visual modality, in this work we take the first step towards studying poisoning attacks against multimodal models in both the visual and linguistic modalities. Specifically, we focus on answering two questions: (1) Is the linguistic modality also vulnerable to poisoning attacks? and (2) Which modality is most vulnerable? To answer these two questions, we propose three types of poisoning attacks against multimodal models. Extensive evaluations on different datasets and model architectures show that all three attacks can achieve significant attack performance while maintaining model utility in both the visual and linguistic modalities. Furthermore, we observe that the poisoning effect differs between modalities. To mitigate the attacks, we propose both pretraining and post-training defenses. We empirically show that both defenses can significantly reduce the attack performance while preserving the model's utility. Our code is available at https://github.com/zqypku/mm_poison/.
UR - https://proceedings.mlr.press/pmlr-license-agreement.pdf
UR - https://icml.cc/
UR - https://proceedings.mlr.press/v202/
M3 - Conference contribution
T3 - Proceedings of Machine Learning Research
SP - 39299
EP - 39313
BT - Proceedings of the 40th International Conference on Machine Learning
A2 - Krause, Andreas
A2 - Brunskill, Emma
A2 - Cho, Kyunghyun
A2 - Engelhardt, Barbara
A2 - Sabato, Sivan
A2 - Scarlett, Jonathan
PB - Proceedings of Machine Learning Research
T2 - The Fortieth International Conference on Machine Learning
Y2 - 23 July 2023 through 29 July 2023
ER -